62 matches found
WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Plugin <= 2.4.9 is vulnerable to Arbitrary File Upload
Software: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation; Type: Plugin; Vulnerable versions: = 2.4.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52384; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID...
How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15)
This week on the Lock and Code podcast… Full-time software engineer and part-time Twitch streamer Ali Diamond is used to seeing herself on screen, probably because she’s the one who turns the camera on. But when Diamond received a Direct Message (DM) on Twitter earlier this year, she learned that h...
CVE-2024-26152
Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...
CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...
CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
PNG Image Generator: This Python script generates a PNG image...
Red Hat OpenShift Assisted Installer Log Information Disclosure Vulnerability
Red Hat OpenShift Assisted Installer is an assisted boot installer from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Assisted Installer that stems from an image pulling secret being leaked in plaintext in the installation log during the generation of the Discovery ISO...
CVE-2021-37557
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...
CVE-2021-37557
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...
SQL injection
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...
CVE-2021-37557
Centreon contains a SQL injection vulnerability in image generation (generateImage.php index parameter) that affects Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. The flaw allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands. The vulnerability ...
Command Injection
Overview: Madge is a developer tool for generating a visual graph of your module dependencies, finding circular dependencies, and giving you other useful info. Affected versions of this package are vulnerable to Command Injection. It is possible to specify a custom Graphviz path via the...
KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1
Symptoms: After you install SQL Server 2012 SP1 on a computer, the Windows Installer Msiexec.exe process is repeatedly started to repair certain assemblies. Additionally, the following events are logged in the...
Orca Input Validation Error Vulnerability
Orca is a command line application for generating static images for interactive drawing. An input validation error vulnerability exists in Orca. An attacker could exploit the vulnerability to execute code...
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...
Design/Logic Flaw
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...
[SECURITY] Fedora 24 Update: python-tgcaptcha2-0.3.1-1.fc24
TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part of a form in an attempt to reduce spam or malicious activity. Features include: relatively pain-free usage and validation inside of a regular widget-based form; flexibility to add or extend image generation...
[SECURITY] Fedora 23 Update: python-tgcaptcha2-0.3.1-1.fc23
TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part of a form in an attempt to reduce spam or malicious activity. Features include: relatively pain-free usage and validation inside of a regular widget-based form; flexibility to add or extend image generation...
[SECURITY] Fedora 22 Update: python-tgcaptcha2-0.3.1-1.fc22
TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part of a form in an attempt to reduce spam or malicious activity. Features include: relatively pain-free usage and validation inside of a regular widget-based form; flexibility to add or extend image generation...